Example 6 with ValidationErrorCode
use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.
the class RangerServiceDefValidator method isValidConfigOfEnumType.
boolean isValidConfigOfEnumType(RangerServiceConfigDef configDef, List<RangerEnumDef> enumDefs, List<ValidationFailureDetails> failures) {
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("==> RangerServiceDefValidator.isValidConfigOfEnumType(%s, %s, %s)", configDef, enumDefs, failures));
}
boolean valid = true;
if (!"enum".equals(configDef.getType())) {
LOG.debug("ConfigDef wasn't of enum type!");
} else {
Map<String, RangerEnumDef> enumDefsMap = getEnumDefMap(enumDefs);
Set<String> enumTypes = enumDefsMap.keySet();
String subType = configDef.getSubType();
String configName = configDef.getName();
if (!enumTypes.contains(subType)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM;
failures.add(new ValidationFailureDetailsBuilder().field("config def subtype").subField(configName).isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(subType, configName, enumTypes)).build());
valid = false;
} else {
// default value check is possible only if sub-type is correctly configured
String defaultValue = configDef.getDefaultValue();
if (StringUtils.isNotBlank(defaultValue)) {
RangerEnumDef enumDef = enumDefsMap.get(subType);
Set<String> enumValues = getEnumValues(enumDef);
if (!enumValues.contains(defaultValue)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM_VALUE;
failures.add(new ValidationFailureDetailsBuilder().field("config def default value").subField(configName).isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(defaultValue, configName, enumValues, subType)).build());
valid = false;
}
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("<== RangerServiceDefValidator.isValidConfigOfEnumType(%s, %s, %s): %s", configDef, enumDefs, failures, valid));
}
return valid;
}
Also used :
RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)
ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)
Example 7 with ValidationErrorCode
use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.
the class RangerServiceDefValidator method isValidPolicyConditions.
boolean isValidPolicyConditions(List<RangerPolicyConditionDef> policyConditions, List<ValidationFailureDetails> failures) {
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("==> RangerServiceDefValidator.isValidPolicyConditions(%s, %s)", policyConditions, failures));
}
boolean valid = true;
if (CollectionUtils.isEmpty(policyConditions)) {
LOG.debug("Configs collection was null/empty! ok");
} else {
Set<Long> ids = new HashSet<>();
Set<String> names = new HashSet<>();
for (RangerPolicyConditionDef conditionDef : policyConditions) {
valid = isUnique(conditionDef.getItemId(), ids, "policy condition def itemId", "policy condition defs", failures) && valid;
String name = conditionDef.getName();
valid = isUnique(name, names, "policy condition def name", "policy condition defs", failures) && valid;
if (StringUtils.isBlank(conditionDef.getEvaluator())) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_POLICY_CONDITION_NULL_EVALUATOR;
failures.add(new ValidationFailureDetailsBuilder().field("policy condition def evaluator").subField(name).isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name)).build());
valid = false;
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("<== RangerServiceDefValidator.isValidPolicyConditions(%s, %s): %s", policyConditions, failures, valid));
}
return valid;
}
Also used :
RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)
ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)
HashSet(java.util.HashSet)
Example 8 with ValidationErrorCode
use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.
the class RangerServiceValidator method isValid.
boolean isValid(Long id, Action action, List<ValidationFailureDetails> failures) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerServiceValidator.isValid(" + id + ")");
}
boolean valid = true;
if (action != Action.DELETE) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_UNSUPPORTED_ACTION;
failures.add(new ValidationFailureDetailsBuilder().isAnInternalError().errorCode(error.getErrorCode()).becauseOf(error.getMessage(action)).build());
valid = false;
} else if (id == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_FIELD;
failures.add(new ValidationFailureDetailsBuilder().field("id").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(id)).build());
valid = false;
} else if (getService(id) == null) {
if (LOG.isDebugEnabled()) {
LOG.debug("No service found for id[" + id + "]! ok!");
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerServiceValidator.isValid(" + id + "): " + valid);
}
return valid;
}
Also used :
ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)
Example 9 with ValidationErrorCode
use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.
the class RangerServiceValidator method isValid.
boolean isValid(RangerService service, Action action, List<ValidationFailureDetails> failures) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerServiceValidator.isValid(" + service + ")");
}
if (!(action == Action.CREATE || action == Action.UPDATE)) {
throw new IllegalArgumentException("isValid(RangerService, ...) is only supported for CREATE/UPDATE");
}
boolean valid = true;
if (service == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_NULL_SERVICE_OBJECT;
failures.add(new ValidationFailureDetailsBuilder().field("service").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage()).build());
valid = false;
} else {
Long id = service.getId();
if (action == Action.UPDATE) {
// id is ignored for CREATE
if (id == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_EMPTY_SERVICE_ID;
failures.add(new ValidationFailureDetailsBuilder().field("id").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage()).build());
valid = false;
} else if (getService(id) == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_ID;
failures.add(new ValidationFailureDetailsBuilder().field("id").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(id)).build());
valid = false;
}
}
String name = service.getName();
boolean nameSpecified = StringUtils.isNotBlank(name);
RangerServiceDef serviceDef = null;
if (!nameSpecified) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_NAME;
failures.add(new ValidationFailureDetailsBuilder().field("name").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name)).build());
valid = false;
} else {
RangerService otherService = getService(name);
if (otherService != null && action == Action.CREATE) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_SERVICE_NAME_CONFICT;
failures.add(new ValidationFailureDetailsBuilder().field("name").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name)).build());
valid = false;
} else if (otherService != null && otherService.getId() != null && !otherService.getId().equals(id)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_ID_NAME_CONFLICT;
failures.add(new ValidationFailureDetailsBuilder().field("id/name").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name, otherService.getId())).build());
valid = false;
}
}
String type = service.getType();
boolean typeSpecified = StringUtils.isNotBlank(type);
if (!typeSpecified) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_SERVICE_DEF;
failures.add(new ValidationFailureDetailsBuilder().field("type").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(type)).build());
valid = false;
} else {
serviceDef = getServiceDef(type);
if (serviceDef == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_DEF;
failures.add(new ValidationFailureDetailsBuilder().field("type").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(type)).build());
valid = false;
}
}
if (nameSpecified && serviceDef != null) {
// check if required parameters were specified
Set<String> reqiredParameters = getRequiredParameters(serviceDef);
Set<String> inputParameters = getServiceConfigParameters(service);
Set<String> missingParameters = Sets.difference(reqiredParameters, inputParameters);
if (!missingParameters.isEmpty()) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_REQUIRED_PARM_MISSING;
failures.add(new ValidationFailureDetailsBuilder().field("configuration").subField(// we return any one parameter!
missingParameters.iterator().next()).isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(missingParameters)).build());
valid = false;
}
}
String tagServiceName = service.getTagService();
if (StringUtils.isNotBlank(tagServiceName) && StringUtils.equals(type, EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
failures.add(new ValidationFailureDetailsBuilder().field("tag_service").isSemanticallyIncorrect().becauseOf("tag service cannot be part of any other service").build());
valid = false;
}
boolean needToEnsureServiceType = false;
if (action == Action.UPDATE) {
RangerService otherService = getService(name);
String otherTagServiceName = otherService == null ? null : otherService.getTagService();
if (StringUtils.isNotBlank(tagServiceName)) {
if (!StringUtils.equals(tagServiceName, otherTagServiceName)) {
needToEnsureServiceType = true;
}
}
} else {
// action == Action.CREATE
if (StringUtils.isNotBlank(tagServiceName)) {
needToEnsureServiceType = true;
}
}
if (needToEnsureServiceType) {
RangerService maybeTagService = getService(tagServiceName);
if (maybeTagService == null || !StringUtils.equals(maybeTagService.getType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
failures.add(new ValidationFailureDetailsBuilder().field("tag_service").isSemanticallyIncorrect().becauseOf("tag service name does not refer to existing tag service:" + tagServiceName).build());
valid = false;
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerServiceValidator.isValid(" + service + "): " + valid);
}
return valid;
}
Also used :
RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)
RangerService(org.apache.ranger.plugin.model.RangerService)
ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)
Example 10 with ValidationErrorCode
use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.
the class RangerPolicyValidator method isValidItemAccesses.
boolean isValidItemAccesses(List<RangerPolicyItemAccess> accesses, List<ValidationFailureDetails> failures, RangerServiceDef serviceDef) {
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("==> RangerPolicyValidator.isValid(%s, %s, %s)", accesses, failures, serviceDef));
}
boolean valid = true;
if (CollectionUtils.isEmpty(accesses)) {
LOG.debug("policy item accesses collection was null/empty!");
} else {
Set<String> accessTypes = getAccessTypes(serviceDef);
for (RangerPolicyItemAccess access : accesses) {
if (access == null) {
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS;
failures.add(new ValidationFailureDetailsBuilder().field("policy item access").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
valid = false;
} else {
// we want to go through all elements even though one may be bad so all failures are captured
valid = isValidPolicyItemAccess(access, failures, accessTypes) && valid;
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("<== RangerPolicyValidator.isValid(%s, %s, %s): %b", accesses, failures, serviceDef, valid));
}
return valid;
}
Also used :
RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)
ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)
Aggregations
ValidationErrorCode (org.apache.ranger.plugin.errors.ValidationErrorCode)25
HashSet (java.util.HashSet)6
RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)3
RangerEnumDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)3
RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)3
ArrayList (java.util.ArrayList)2
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)2
RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)2
RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)2
RangerService (org.apache.ranger.plugin.model.RangerService)2
RangerAccessTypeDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)2
List (java.util.List)1
RangerDataMaskPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)1
RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)1
RangerRowFilterPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem)1
RangerPolicyResourceSignature (org.apache.ranger.plugin.model.RangerPolicyResourceSignature)1
RangerEnumElementDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef)1
RangerPolicyConditionDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)1
